Data protection

1.1 The following data protection declaration applies to the use of the website shop-gral.com and the services offered through it. This website is a service provided by Stiftung Gralsbotschaft (Lenzhalde 15, 70192 Stuttgart, Germany, e-mail info@gral.de), which is the entity responsible in the sense of article 4 of the EU General Data Protection Regulation (‘GDPR’).

1.2 Protecting your personal data is very important to us, especially with regards to the task of protecting personal rights while this information is being processed and used. The following section provides information regarding the collection of personal data associated with the use of our website. The phrase ‘personal data’ refers to all data that can be mapped to you personally, such as your name, address, e-mail addresses and user behaviour.

2. Automated data collection and processing by the browser

2.1 As is the case with any other website, our server automatically and temporarily collects data in the server log files. These server log files are transferred by the browser, unless you have deactivated this facility. If you wish to view our website, we shall collect the following data, which is technically necessary in order for us to be able to show you our website and guarantee stability and security [legal basis (article 6 section 1 liter. f) of the GDPR]:

  • IP address of the enquiring computer

  • The client’s file request

  • The http response code

  • The website from which you are visiting us (referrer URL)

  • The time of the server request

  • Browser type and version

  • Operating system used by the enquiring computer

The server log files are not analysed in an individual-related manner. The service provider can never map this data to specific individuals. This data is not combined with other data sources, unless you give your consent for such a course of action [e.g. by signing up for the newsletter (refer to clause 3.2)].

3. Collection and processing of voluntarily-disclosed data

3.1 General contact

If you provide us with personal data via e-mail, through our website or in any other manner (name, first name, e-mail address, address), this is generally done on a voluntary basis. This data is used to execute the contractual relationship, process your queries or orders, carry out in-house market or opinion research operations and send separate advertisements via post and e-mail. The data is not used in a further-reaching manner; in particular, it is not forwarded to third parties for the purposes of advertising and market or opinion research. The legal basis is article 6 section 1 liter. b) of the GDPR, or article 6 section 1 liter. f) of the GDPR.

3.2 Newsletter

We will need your e-mail address if you want to subscribe to our newsletter; you also have the option of voluntarily stating your name. Along with your e-mail address, the data that is automatically transferred by your browser (operating system, browser type and version, referrer URL and your IP address) is also collected and stored. This data is only used to communicate with you within the context of our newsletter. By subscribing to the newsletter, you accept the fact that we shall store the aforementioned data in order to be able to send the newsletter.

We use the so-called ‘double-opt-in procedure’ in operations in which users sign up for our newsletter. After you sign up, we shall send an e-mail to the specified e-mail address. This e-mail will ask you to confirm that you wish to receive the newsletter. If you do not confirm your enrolment in 14 days, your information shall be deleted. We also save the IP addresses that you have used, along with information regarding the time of enrolment and confirmation. The goal of the procedure is to verify your enrolment and (if applicable) gain the ability to clarify any potential misuse of your personal data. The legal basis is article 6 section 1 page 1 liter. a of the GDPR.

You can always revoke your consent for the future. You can announce your revocation by changing the newsletter settings on our newsletter page.

4. Forwarding to third parties

4.1 If you have provided us with personal data, the said data is, as a matter of principle, not forwarded to third parties. This data is only forwarded

– within the framework of consent given by you (cf. clause 3.2). When the data is collected, the recipients or categories of recipients shall be disclosed to you.

– to commissioned sub-contractors within the framework of the processing of your queries, your orders and the use of our services. These commissioned sub-contractors only receive the necessary data so that they will be able to carry out the task in question. They shall only use the said data for this specific purpose.

– to external service providers within the framework of order data processing (as per article 28 of the GDPR). These external service providers are carefully selected and commissioned by us, bound by our instructions and the provisions of the GDPR, and monitored regularly.

– to entities that are entitled to receive information; this is done within the framework of the fulfilment of legal obligations.

5. Cookies

5.1 This website uses cookies. Cookies are small text files that are stored locally in your browser's cache. This website uses the following types of cookies, whose scope and mode of operation have been explained in the following section:

– Transient cookies (refer to 5.2)

5.2 Transient cookies are deleted automatically as soon as you close the browser. Session cookies belong to this type. They store a so-called session ID, which can be used to correlate various queries of your browser with the overall session. This makes it possible for your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close the browser.

5.3 You can configure your browser settings based on your wishes. For example, you can refuse to accept third-party cookies or all cookies in general. We would like to point out that it might not be possible for you to use all the functions of this website.

6. Duration of storage

Your data shall only be used as long as such usage is necessary for the existing customer relationship, unless you have given us your consent, or we have a legitimate interest in further processing. In such cases, we shall continue to process your data until you revoke your consent, or until you object to our legitimate interests. Nevertheless, commercial-law-related and tax-law-related guidelines obligate us to store data pertaining to your address, payments and orders for a period of ten years.

7. Your rights

7.1 You have the following rights vis-a-vis us with regard to the personal data that pertains to you:

– Right to information,

– right to correction or deletion,

– right to limitation of processing,

– right to object to processing,

– right to data transferability.

Please send your written request to Stiftung Gralsbotschaft, Lenzhalde 15, 70192 Stuttgart, or to the e-mail address info@gral.de.

7.2 You also have the right to complain to a data protection supervisory authority about the manner in which we process your personal data.